V 



(12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT) 



(19) World Intellectual Property Organization 

International Bureau 

(43) International Publication Date 
29 August 2002 (29.08.2002) 




PCT 



(10) International Publication Number 

WO 02/067621 Al 



(51) International Patent Classification 7 : H04Q 7/38 

(21) International Application Number: PCT/SE02/O0255 

(22) International Filing Date: 14 February 2002(14.02.2002) 

(25) Filing Language: English 

(26) Publication Language: English 



(30) Priority Data: 
0100549-5 



19 February 2001 (19.02.2001) SE 



(71) Applicant: TELIA AB (publ) [SE/SE]; Marbackagatan 
11, S- 123 86Farsta (SE). 



(74) Agent: SVENSSON, Peder; Telia Research AB,Vitsands- 
gatan 9, S-123 86 Farsta (SE). 

(81) Designated States (national): EE, LT, LV, NO. 

(84) Designated States (regional): European patent (AT, BE, 
CH, CY, DE, DK, ES, FI, FR, GB, GR, IE, IT, LU, MC, 
NL, PT, SE, TR). 

Published: 

— with international search report 

For two-letter codes and other abbreviations, refer to the "Guid- 
ance Notes on Codes and Abbreviations" appearing at the begin- 
ning of each regular issue of the PCT Gazette. 



(72) Inventor: ERIKSSON, Jonas; John Ericssongatan 16, 
S-652 22 Karlstad (SE). 





1 


CA 


A 






\ 3 y 





o 



(54) Title: DIGITAL PERMISSIONS FOR POSITIONING 

(57) Abstract: The present invention relates to a wireless 
communication system and a procedure for secure man- 
agement of position information between at least one su- 
pervised object (A) and a supervising object (B). Said ob- 
jects (A, B) are preferably carried by supervised and su- 
pervising physical or juridical persons. The system ac- 
cording to the invention includes an operator and a posi- 
tion permission issuer (PTU) and is characterized in that 
the supervised object (A) is arranged, by means of a dig- 
ital permission issued by the permission issuer (PTU), to 
provide/issue permission for/to the supervised object (B) 
to receive information about its geographical position, at 
which said operator has devices for providing the current 
position information for/to the supervised object (B). In 
one embodiment of the invention, the supervising object 
(B) must have the permission of the supervised object (A) 
each time it wants to derive information about the position 
of the supervised object (A), but the supervising object (B) 
also can be provided with an authority from the supervised object (A), at which the supervising object (B) automatically receives 
information about the position of the supervised object (A). 
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DIGITAL PERMISSIONS FOR POSITIONING 

Field of the invention 

The present invention relates to a system and a 
5 procedure for secure management of position information in 
a wireless communication network, and particularly such a 
system and procedure that includes digital permissions. 

Background of the invention 

10 It is in many connections desirable to have 

possibility to obtain information about, for instance, a 
person's geographical position, and position based services 
are expected to be very important for the third generation 
mobile telephone systems, due to, for instance, that in 

15 those systems very great demands are made upon accuracy in 
the position information. 

Positioning equipment in combination with mobile radio 
systems consequently is creating a lot of new services. For 
some of these services which are executed in real time, 

20 permission for provision of the position information can be 
managed in a comparatively simple way. In other cases, 
where the service is not initiated by the user when it 
shall be utilized, some form of secure and well structured 
management of permissions and which include the possibility 

25 to create semipermanent position permissions. 

The American patent US 6,072,396 shows a device and a 
method to supervise and trace people by means of a mobile 
telephone system, at which position information is 
collected in a central unit which then can present the 

30 information. Further, US 6,072,396 shows a device which 
includes, for instance, measuring of blood pressure and 
pulse, at which this information is collected and 
transmitted to the central unit. 

The international patent application WO 00/16288 shows 

35 a system for watch and supervision of persons who need help 
or protection. The supervised person carries a transmitter 
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which transmits signals over a mobile communication 
network. The signals contain information about position and 
identity and are stored in a central unit. After that, the 
information is accessible in the central unit to an 
5 authorized person or public authority. 

The Japanese patent JP 11258325 shows a device and a 
procedure for supervision of a child's or animal's 
geographical position. The position information is 
transmitted via a mobile telephone system to a supervision 
10 center. 

Previous systems are based on that the one who shall 
provide position information creates an internal database 
for all users. This database must be maintained, and for 
each user all instances and/or persons, who are authorized 
15 to request the user's current position and under which 
premises, have to be entered. To maintain a database of 
this kind is both complicated and expensive and the risk of 
mistakes are obvious. If information is wrongly provided, 
there also may be a risk of claim for damages. 

20 

Aim of the invention 

The present invention aims at solving above problems 
by creating a secure and flexible PKI-based (PKI, Public 
Key Infrastructure) , wireless communication system to 

25 manage the provision of position information. 

Another aim of the present invention is to create a 
possibility to separate the issuing of permission and the 
responsibility for positioning from that operator who is 
responsible for the operation of the communication system 

30 and who extracts and forwards the position information in 
question. 



Summary of the invention 

The present invention consequently relates to a 
35 wireless communication system and a procedure for 

management of position information between at least one 
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supervised object and one supervising object. Said 
supervised object is preferably carried by a supervised 
person, and said supervising object by a supervising 
person, at which said persons are physical or juridical 
5 persons. 

The system according to the invention includes an 
operator and an issuer of position permission and is 
characterized in that the supervised object is arranged to, 
by means of a digital permission issued by the permission 

10 issuer, provide permission for/to the supervised object to 
receive information about its geographical position, at 
which said operator has devices to provide the current 
position information for/to the supervising object. 

The system according to the invention is preferably 

15 PKI-based and the supervised object and the supervising 
object further can be identified by means of digital 
identities, at which the digital identities consist of 
digital certificates issued by a Certificate Authority. 

In one embodiment of the invention, the supervising 

20 object must have the permission of the supervised object 

each time it wants to derive information about the position 
of the supervised object, but the supervising object can 
also be equipped with an authorization from the supervised 
object, at which the supervising object is arranged to 

25 automatically receive information about the position of the 
supervised object without the supervised object each time 
needing to provide its permission. 

Further, the digital permission is arranged to consist 
of an attribute certificate and include information about 

30 the permission issuer, to whom the permission has been 

issued, that is, to which supervising person the permission 
has been issued, and possibly also a description of the 
supervised object and the supervised person. 

In one more embodiment, the position permission issuer 

35 and the operator are arranged as one unit and preferably 
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the system according to the invention is a mobile telephone 
system. 

Brief description of drawings 
5 The present invention will be described in more detail 

with reference to enclosed figures, in which 
Figure 1 shows a schematic outline of an embodiment of the 
system according to the invention; and 

Figure 2 shows a schematic outline of another embodiment of 
io the system according to the invention. 

Detailed description of the invention 

The present invention consequently relates to a 
wireless communication system for management of the 

15 provision of position information between a supervised 
object A and a supervising object B. At which the 
supervised object A and the supervising object B preferably 
are carried by supervised respective supervising physical 
or juridical persons. 

20 One embodiment of the system according to the 

invention is shown in Figure 1. In this embodiment 
traditional PKI is utilized, where a supervised object A 
and a supervising object B have received digital 
certificates from any Certificate Authority (CA) . This is 

25 illustrated in Figure 1 by the arrows 1 and 2. These steps, 
however, are not necessary in the cases when the objects A 
and B already are equipped with digital certificates or any 
other digital identification by means of which they can be 
identified. When the person who is carrying the supervised 

30 object A wants to issue permission to the person who is 
carrying the supervising object B to receive the position 
of the object A, the object A establishes contact 3 with a 
position permission issuer, designated by the abbreviation 
PTU in Figure 1. PTU has much the same function as a 

35 traditional Certificate Authority (CA) . The supervised 
object A has to authenticate itself to the permission 
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issuer PTU and after that, the object A can instruct the 
PTU to issue a digital permission to the supervising object 
B. The digital permission is an attribute certificate 
which, for instance, includes information about the 

5 permission issuer PTU, to whom the permission has been 

issued, that is to which supervising object B or person the 
permission has been issued, description of the supervised 
object A, and possibly also information about the person 
who is carrying the object A, but other information is also 

10 possible. Further, the issued digital permission is signed 
by/with the private key of the PTU. The issued digital 
permission after that either can be transmitted (according 
to the dashed arrow 4 in Figure 1 and 2) to the supervising 
object B to which it issued, or the digital permission can 

15 be made publicly accessible by means of, for instance, one 
or more, more or less, public catalog services. When the 
supervising object B, which has received permission to 
derive information about the position of the supervised 
object A, wants to do this, object B establishes contact 5 

20 with an operator. The operator is the one who is 

responsible for the operation of the communication network 
which is used for transmission/provision of position. Said 
operator preferably is a telecommunication operator in a 
communication network for mobile telephony. Further, it is 

25 the operator who, by means of databases and communication 
means, extracts and forwards the current position 
information and who receives the digital permission either 
from the supervising object B, or from the more or less 
public catalog service. Said position information the 

30 operator can get in known way from, for instance, GPS 

(Global Positioning System) or from information about the 
geographic location of base stations. 

In another embodiment of the invention, which is 
illustrated in Figure 2, the position permission issuer PTU 

35 and the operator consist of one and the same unit. The 

operator's task is to authenticate the supervising object B 
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by means of, for instance, traditional PKI-based methods or 
by other methods which can guarantee the authenticity of 
the object B. Further, the operator checks if the 
supervising object B has permission to receive the 

5 position of the supervised object A by checking the 

authenticity and validity of the digital permission by 
means of a origin certificate provided by the permission 
issuer PTU. If the digital permission is both authentic and 
valid, the operator transmits the position of the 

10 supervised object A to the supervising object B. 

The supervised person and the supervised object A can 
any time revoke the permission of the supervising object B 
to receive the position of the object A. These revocations 
of permissions can be saved in so called revocation lists, 

15 which are accessible to the operator so that he/she can 

check the validity of a permission. The operator can either 
on a regular basis derive these revocation lists, or online 
check can be performed. 

In a system according to the invention it further can 

20 be desirable that others than the supervised object A can 
initiate the issuing of the position permission. This can, 
for instance, be the case when parents want to supervise 
the position of their children under age, or, for instance, 
when relatives want to supervise the position of their 

25 relatives suffering from senile dementia. The parents or 
the relatives who in this example carry the supervising 
object B then can ask for permission to supervise their 
children respective their relatives suffering from senile 
dementia who carry the supervised object A. Request for 

30 permission then can be made directly from, for instance, 

the position permission issuer PTU. Request for permission, 
however, must be dealt with in a very careful and secure 
way, because the position as such can be regarded as very 
delicate and insulting to integrity when ending up at wrong 

35 persons. 
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Further, it can in the system according to the 
invention be to advantage if the person who carries the 
supervising object B can get an authorization directly from 
the supervised object A. This authorization then the 

5 supervising object B shows to the position permission 
issuer, PTU. On basis of the authorization the PTU can 
issue an authorization for the object B to receive the 
geographic position of the object A. The authorization in 
question can, for instance, be framed as a standard 

10 contract which the person who carries the object A can sign 
by means of his/her digital signature. This approach is of 
specific advantage when minimal initiative from the person 
who carries the supervised object A is wanted. 

In one more embodiment of the system according to the 

15 invention the digital permission has been extended by 

different additional attributes; the permission can, for 
instance, include information about between which points 
of time of a day and during which week days it is valid. 
Further, the permission can be provided with information 

20 regarding position accuracy, for instance if the person who 
is carrying the object B with its current digital 
permission can have position information with an accuracy 
of resolution of, for instance, 50 m, 1 km or 1 (Swedish) 
mile . 

25 In the system according to the invention, it is 

further of advantage if the digital permissions include the 
identities of the persons who carry the objects A and B, 
and preferably also A's MSISDN or any other network 
address, such as an IP-address for GPRS/UMTS. Identities 

30 preferably are made up of the civic numbers and names of 
the persons, but other information which unequivocally 
identify the persons and the objects can of course also be 
used . 

In the embodiment of the invention shown in Figure 1, 
35 the position permission issuer PTU and the operator are two 
different units. This is of specific advantage because the 
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operator, that is the organization which is responsible for 
among other things the operation of the communication 
network, then can sell position information, but locate 
issuing of permissions to/on one or more organizations. 
5 Consequently the present invention will be possible to use 
for most services where the service provider is separated 
from the operator. The invention is especially useful for 
services of the type person-to-person positioning. As 
examples can be mentioned positioning/position finding of: 
10 - members of the family; 

drivers by profession, such as mailmen, taxi drivers, 

policemen or truck drivers; 

pals. 

Another example is position depending so called PUSH- 

15 services, that is services where a certain information 
shall be transmitted at a certain occasion to a certain 
user, and where the content shall be dependent on where the 
user is. This can, for instance, be the case at automatic 
mediation of taxi customers to vacant cars, that is, when a 

20 taxi registers itself as vacant, the driver will 

automatically have information about where the nearest 
customer is. Another example can be drivers by profession 
who in a new town/city want to know where the nearest gas 
station, workshop or restaurant is. For instance a trucker 

25 would be able to indicate at which times he wants his 

meals, and the system according to the invention could be 
used to at these points of time indicate where the nearest 
restaurant is located. 

In the system according to the present invention it is 

30 further possible to provide position permission issuers PTU 
which are directed to public authorities. These will, for 
instance, give policemen permission to find out the 
geographical position of a user suspected of crime, at 
which this positioning can be executed without the operator 

35 needing to be involved in each individual case. 
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The present invention has only been described by means 
of exemplifying embodiments and it should be understood 
that other embodiments are possible without ending up 
outside the frame of the concept of invention, which is 
5 only limited by enclosed patent claims. 
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PATENT CLAIMS 

1. A wireless communication system for management of 
position information between at least one supervised 

5 object (A) and a supervising object (B) , including an 

operator and a position permission issuer (PTU) 
characterized in that the supervised 
object (A) is arranged, by means of a digital 
permission issued by the permission issuer (PTU), to 

10 provide the supervising object (B) with a permission 

to receive information about the geographical position 
of object (A) , at which said operator has devices to 
provide the current position information for/to the 
supervising object (B) . 

15 

2. System as claimed in patent claim 1, 
characterized in that it is PKI-based. 

3. System as claimed in any of the previous patent 
20 claims, characterized in that the 

supervised object (A) and the supervising object (B) 
are arranged to be identified by means of their 
digital identities . 

25 4. System as claimed in patent claim 3, 

characterized in that said digital 
identities are arranged to be made up of digital 
certificates issued by a Certificate Authority (CA) . 

30 5. System as claimed in any of the previous patent 
claims, characterized in that the 
supervising object (B) must have the permission of the 
supervised object (A) each time it wants to derive 
information about the position of the supervised 

35 object (A) . 
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6. System as claimed in any of the patent claims 1-4, 

characterized in that a supervising object 
(B) is provided with an authority from the supervised 
object (A) , at which the supervising object (B) is 
5 arranged to automatically receive information about 

the position of the supervised object (A) without the 
supervised object (A) each time being needed to 
provide its permission. 

10 7. System as claimed in any of the previous patent 

claims, characterized in that the digital 
permission is arranged to be made up of an attribute 
certificate and include information about the 
permission issuer (PTU), to which supervising object 

15 (B) the permission has been issued, and possibly also 

a description of the supervised object (A) . 

8. System as claimed in any of the previous patent 
claims, characterized in that the position 

20 permission provider (PTU) and the operator are 

arranged as one unit. 

9. System as claimed in any of the previous patent 
claims, characterized in that said 

25 communication system is a mobile telephone system. 



10. Procedure for management of position information 
between at least one supervised object (A) and a 
supervising object (B) , in a wireless communication 

30 system including an operator and a position permission 

issuer (PTU), characterized in that the 
supervised object (A) provides permission for/to the 
supervising object (B) to receive information about 
the geographical position of object (A), by means of a 

35 digital permission issued by the permission issuer 
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(PTU), at which said operator provides the current 
position information to the supervising object (B) . 

11. Procedure as claimed in patent claim 10, 
5 characterized in that the permission 

issuer (PTU) and/or the operator identifies the 
supervised object (A) and the supervising object (B) 
by means of their digital identities . 

io 12. Procedure as claimed in patent claim 11, 

characterized in that a Certificate 
Authority (CA) issues said digital identities. 

13. Procedure as claimed in any of the patent claims 10- 
15 12, characterized in that the supervising 

object (B) needs the permission of the supervised 
object (A) each time it wants information about the 
position of supervised object (A) . 

20 14. Procedure as claimed in any of the patent claims 10- 
12, characterized in that the supervising 
object (B) automatically receives information about 
the position of the supervised object (A) without the 
supervised object (A) each time being needed to 

25 provide its permission, because the supervising object 

(B) has an authority from the supervised object (A) . 

15. Procedure as claimed in any of the patent claims 10- 

14, characterized in that the digital 
30 permission is provided with information about the 

permission issuer (PTU), to which supervising object 
(B) the permission has been issued, and possibly also 
a description of the supervised object (A) . 

35 16. Procedure as claimed in any of the patent claims 10- 

15, characterized in that the position 
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permission issuer (PTU) and the operator are arranged 
as one and the same unit. 

17. Procedure as claimed in any of the patent claims 10- 
5 16, characteri zed in that the position 

information is transmitted by means of a mobile 
telephone system. 
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